CrowdStrike CEO George Kurtz: Microsoft’s Security Offerings Are A ‘Leaky Lifeboat’

‘If getting a free leaky lifeboat is something that people want to get to their customer or the customer wants to have, you got your leaky lifeboat. Or maybe it leaks. Maybe it doesn’t. But if you want the best security outcome, there are other solutions that are out there,’ CrowdStrike CEO George Kurtz says in an XChange Best of Breed interview.

George Kurtz says he’s not one to mince words, and the co-founder and CEO of cybersecurity giant CrowdStrike proved it once again at this week’s XChange Best of Breed conference in Atlanta.

Appearing before hundreds of tech vendors, channel partners and others attending the annual event hosted by CRN parent The Channel Company, the outspoken Kurtz discussed a wide range of security-related issues confronting industry players and customers alike.

Among the topics raised are his views on annual recurring revenue for partners, CrowdStrike’s new “elite” category of channel players, and how his cloud-native security company is benefiting from customers’ negative reactions to the proposed Broadcom-VMware merger, a topic CRN covered earlier this week.

But Kurtz, who has criticized Microsoft in the past over security issues, tangled with the huge Redmond, Wash.-based company once again this week. Among other things, he attributed a majority of certain cyberbreaches to Microsoft products, compared the software behemoth’s total security offerings to a “leaky lifeboat” and called its authentication architecture “a mess.”

Responding to a CRN request for comment, a Microsoft spokesman issued a statement in reaction to Kurtz’s comments: “While some competitors lead with innuendo and self-serving claims, Microsoft believes security is a team sport and we gather and act on 43 trillion security signals every day to protect customers and partner with fellow defenders across the industry, making the world a safer place. Our customers choose Microsoft because we deliver the most integrated security portfolio. On average, customers save more than 60 percent when they turn to Microsoft for comprehensive security, compared to a multivendor security implementation.”

The following are excerpts from Kurtz’s XChange Best of Breed discussion with The Channel Company Founding Partner Robert Faletra and CRN Executive Editor, News Steven Burke.

‘It’s a real mess’

Microsoft is ubiquitous. They’ve done a good job. They’ve grown as a company, etc. But at the end of the day, and I’m telling you, I wrote a small book called ‘Hacking Exposed,’ which came out in 1999 and became pretty popular. And in 1999, I did a Black Hat keynote in Las Vegas and it was on something called ‘Pass the Hash.’ Some of the folks in here might be familiar with that. But that was super novel then. No one had ever demoed that in the past, taking a password hash, which is an encrypted password, and not cracking it. And basically using that as your password to authenticate to another system. The Microsoft environment is the only environment that I know of that you can take a password and just reuse it. Right? And it’s a huge architectural issue. That was in 1999. You can do that today. … You can take those passwords out of memory and basically just do the same technique in 2022. And it’s even worse now because there’s a hodgepodge of syncing and you know that you have SAML tickets and golden SAML tickets. I mean, it’s a real mess.

Identity-related breaches

Seventy-one percent of the latest breaches that we put in a report that we just put out were not malware-related. So let’s go back to what I said earlier: The whole industry has been focused [for a long while] on stopping malware, but now in today’s environment 71 percent are not malware-related. What are they using? They’re using things like identity. Eighty percent of the breaches that we are investigating or deal with are identity-based. What’s the No. 1 system out there? It’s AD. The No. 1 credential that is stolen is a Microsoft credential that’s either going to be used internally or that’s going to be used in the cloud.

‘Leaky lifeboat’

At the end of the day, if you want to get the best outcome, free is never free. …

It’s not free. If you take [most security options] off the table, then what is the outcome [for a customer]? If getting a free leaky lifeboat is something that people want to get to their customer or the customer wants to have, you got your leaky lifeboat. Or maybe it leaks. Maybe it doesn’t. But if you want the best security outcome, there are other solutions that are out there.

‘We grow with the customer’

What we try to do in the partner program is to really set it up in a way that over time, as we grow with the customer, as we add more modules, as we move into their cloud environment, as they add more people, systems or whatever it might be, that is a recurring revenue that accrues to not only us but also to our partners. Our partners are there as they’re bringing us into deals. They’re still getting credit on the renewals.

The partner program ‘elite’ category

I don’t know if that’s different than what a lot of other companies that are out there are doing. I mean, the [new] partner program is more about volumes and investment into the business. And the naming [elite] partner programming is part of it. … It’s just about meeting different levels of engagement, different levels of spending, different levels of volume. I don’t think what we’re doing is different from others.

‘It’s pretty simple’

Well, we’ve seen a bunch of [such attacks]. We’ve actually found a bunch of them on our own [in partners’ environments]. It came from the managed service provider. Why does that happen? Well, it’s the one-to-many relationship. Obviously, it’s pretty simple. If you get in wanting to get to 1,000 customers, that makes it pretty fruitful. There’s always a cost to getting into a system. But how does that happen? It’s things like two-factor authentication systems being abused in the simplest ways. You may laugh at this, but think about everyone’s working from home with COVID. We have VPN, as you know, you’re working on your VPN, you go have dinner with your family, put your kids to bed, and you come back. What happens to your VPN? It goes to reauthenticate, right? You don’t talk about it and then it pings you again. It goes reauthenticate. People just click the button. We see this all the time. These three authentication requests are generated. People go, ‘Oh, yeah, I’m working from home. It must be my VPN, click boom.’ And all of a sudden someone used the credentials they stole [and] now they’re on the system.

Customers ‘concerned’ about Carbon Black

We got a lot of customers that have called us [and] said, ‘Hey, I’m concerned about the Carbon Black acquisition. We lived through the Symantec acquisition. We know what’s going to happen.’ Prices are going to go up, service is going to go down. … We’re actively working on replacement deals right now.

... They’re concerned about the acquisition, as most customers are, and they’re looking for alternative solutions.